Hui Lin_How to disable some default log option

Hi,

I have update with master branch of Bro (still Bro 1.6).

But I find that currently, by default, Bro will generate conn.log, noitice_policy.log and packet_filter.log without indicating any bro policy script. I am wondering is there any way that I can disable them.

Best,

Hui

I have update with master branch of Bro (still Bro 1.6).

That's actually called 2.0, there isn't really a 1.6. :wink:

But I find that currently, by default, Bro will generate conn.log, noitice_policy.log and packet_filter.log without indicating any bro policy script. I am wondering is there any way that I can disable them.

Search for "disable_stream" in the logging framework documentation:
  http://www.bro-ids.org/documentation-beta/logging.bro.html

The streams you're looking to disable are:
  Conn::LOG
  Notice::POLICY_LOG
  PacketFilter::LOG

.Seth

Or, depending on what you want to do, enable "bare mode" with -b,
which won't load any default scripts.

Robin